<?php
/**
 * 验证auth-api的用户权限
 */

namespace App\Http\Middleware;

use Closure;
use App\Services\Tools\CurlService;
use App\Exceptions\BasicException;

class AuthApiMiddleware
{

    public function handle($request, Closure $next)
    {
        //开启开发者模式,跳过权限控制
        if(!env('BASE_ISDEVELOPER', true)) {

            $Authorization = $request->header('Authorization','');

            if(!$Authorization) throw new BasicException(-1, '未授权');
            $url = ENV('AUTH_URL').'/account/info';
            $headers = ['Authorization:'.$Authorization];
            $info = CurlService::curl_get_info($url, [], $headers);
            if (empty($info)) {
                throw new BasicException(-1, '未授权');
            }

        }

        return $next($request);

    }

}
